Re: [RFC][PATCH 1/3] Introduce audit_syscall LSM hook

From: Chris Wright (chrisw@private)
Date: Mon Dec 06 2004 - 20:19:46 PST


* Adrian Drzewiecki (z@private) wrote:
> Patch 1/3: Introduce audit_syscall LSM hook.
> ============================================
> 
> diff -ru linux-2.6.9/include/linux/security.h 
> linux-2.6.9-security_audit_syscall/include/linux/security.h
> --- linux-2.6.9/include/linux/security.h	2004-10-18 
> 14:54:40.000000000 -0700
> +++ linux-2.6.9-security_audit_syscall/include/linux/security.h	2004-12-02 
> 21:23:38.000000000 -0800
> @@ -1197,6 +1197,7 @@
>  
>   	int (*getprocattr)(struct task_struct *p, char *name, void *value, 
> size_t size);
>   	int (*setprocattr)(struct task_struct *p, char *name, void *value, 
> size_t size);
> +	void (*audit_syscall)(struct task_struct *p, void *regs, int 
> entryexit);
>  
>  #ifdef CONFIG_SECURITY_NETWORK
>  	int (*unix_stream_connect) (struct socket * sock,
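Review bot: The new `audit_syscall` member takes an untyped `void *regs` and a bare `int entryexit`, and nothing in this hunk says what either one carries. A hook author cannot tell from here which register structure `regs` points to, or which `entryexit` value means entry and which means exit. I would add a comment beside the member, along the lines of `/* audit_syscall: called on syscall entry and exit; @regs is the arch register frame, @entryexit is <value> on entry and <value> on exit */`, with the real values filled in. If the other hooks are described in a documentation comment above the struct (not visible in this hunk), the entry belongs there. The hook returns `void`, so it is also worth stating that a module cannot veto the syscall from it.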
> @@ -1876,6 +1877,11 @@
>  	return security_ops->setprocattr(p, name, value, size);
>  }
>  
> +static inline void security_audit_syscall(struct task_struct *p, void 
> *regs, int entryexit)
> +{
> +	security_ops->audit_syscall(p, regs, entryexit);
> +}
> +

So, with CONFIG_SECURITY this will call into security modules.

>  static inline int security_netlink_send(struct sock *sk, struct sk_buff * 
> skb)
>  {
>  	return security_ops->netlink_send(sk, skb);
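Review bot: In the CONFIG_SECURITY build `security_audit_syscall()` dispatches only through `security_ops->audit_syscall`, so the arch `audit_syscall()` call lives solely in `dummy_audit_syscall`. It stops running as soon as a registered module supplies its own `audit_syscall` hook. If that arch handler is what feeds the audit trail (its definition is not in this patch), loading such a module would silently turn syscall auditing off unless the module chains to the handler itself. Consider calling the handler in the wrapper, ahead of the hook: `#ifdef HAVE_ARCH_AUDIT_SYSCALL` / `audit_syscall(p, regs, entryexit);` / `#endif`, then `security_ops->audit_syscall(p, regs, entryexit);`. Failing that, document the chaining requirement on the hook.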
> @@ -2499,6 +2505,13 @@
>  	return -EINVAL;
>  }
>  
> +static inline void security_audit_syscall(struct task_struct *p, void 
> *regs, int entryexit)
> +{
> +#ifdef HAVE_ARCH_AUDIT_SYSCALL
> +	audit_syscall(p, regs, entryexit);
> +#endif
> +}

And without CONFIG_SECURITY it only calls the arch-specific code.

> +
>  /*
>   * The netlink capability defaults need to be used inline by default
>   * (rather than hooking into the capability module) to reduce overhead
> diff -ru linux-2.6.9/security/dummy.c 
> linux-2.6.9-security_audit_syscall/security/dummy.c
> --- linux-2.6.9/security/dummy.c	2004-10-18 14:53:43.000000000 
> -0700
> +++ linux-2.6.9-security_audit_syscall/security/dummy.c	2004-12-02 
> 21:23:49.000000000 -0800
> @@ -873,6 +873,12 @@
>  	return -EINVAL;
>  }
>  
> +static void dummy_audit_syscall(struct task_struct *p, void *regs, int 
> entryexit)
> +{
> +#ifdef HAVE_ARCH_AUDIT_SYSCALL
> +	audit_syscall(p, regs, entryexit);
> +#endif
> +}
>  
>  struct security_operations dummy_security_ops;
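Review bot: `dummy_audit_syscall` compiles to an empty function whenever `HAVE_ARCH_AUDIT_SYSCALL` is not defined, and nothing here says that this silent no-op is intended. Neither the macro nor a prototype for `audit_syscall()` is introduced in this patch, so presumably both come from a later patch in the series; that dependency should be stated. I would add a comment above the function such as `/* Default: forward to the arch audit handler when the arch provides one; otherwise a no-op. */`. The body also duplicates the !CONFIG_SECURITY stub added to security.h, so the two need to be kept in step if either changes.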
>  
> @@ -1005,6 +1011,7 @@
>  	set_to_dummy_if_null(ops, d_instantiate);
>   	set_to_dummy_if_null(ops, getprocattr);
>   	set_to_dummy_if_null(ops, setprocattr);
> +	set_to_dummy_if_null(ops, audit_syscall);
>  #ifdef CONFIG_SECURITY_NETWORK
>  	set_to_dummy_if_null(ops, unix_stream_connect);
>  	set_to_dummy_if_null(ops, unix_may_send);
> 

And there is nothing for the capability module, so it's expected to pick up
the default from the dummy stub?

thanks,
-chris
-- 
Linux Security Modules     http://lsm.immunix.org     http://lsm.bkbits.net


